Author Topic: SECURITY WARNINGS & Notices - Please post them here (Read 2889776 times)

Para-Noid · « **Reply #3405 on:** February 18, 2015, 03:12:42 PM »

Celebrity chef Jamie Oliver’s website hacked, redirects to exploit kit

https://blog.malwarebytes.org/exploits-2/2015/02/celebrity-chef-jamie-olivers-website-hacked-redirects-to-exploit-kit/?utm_source=Gplus&utm_medium=social

abruptum · « **Reply #3406 on:** February 19, 2015, 01:45:07 PM »

Lenovo PCs ship with preinstalled adware and root certificate

http://www.ghacks.net/2015/02/19/lenovo-pcs-ship-with-preinstalled-adware-and-root-certificate/

DavidR · « **Reply #3407 on:** February 19, 2015, 03:54:28 PM »

Quote from: abruptum on February 19, 2015, 01:45:07 PM

Lenovo PCs ship with preinstalled adware and root certificate

http://www.ghacks.net/2015/02/19/lenovo-pcs-ship-with-preinstalled-adware-and-root-certificate/

I can recall something similar from some time ago (can't recall the company making said HDDs) and that was down to new hard drives infected even before installed on new systems.

essexboy · « **Reply #3408 on:** February 19, 2015, 07:24:43 PM »

There is some new adware doing the rounds which employs a double driver rootkit. We are hoping that a simple removal process will be found shortly

I have asked for a copy of the dropper so I can send it to Avast

Quote

Reference shopperz I have a case now where I am having trouble in removing it.

I have used the following :

Take ownership reg change. This fails to run or change ownership
Changing the driver status in services, permission denied
Combofix cannot delete
AVZ cannot delete

FRST can delete from the recovery console I believe however, the computer MBR became corrupt and all repairs failed. Required a re-install (separate case)

I believe this driver is associated :
R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [36344 2015-02-05] ()

But the same deletion/ownership problems as above

There is a possible uninstall file in the folder, I am going to try that next, but do not hold out much hope.
Then against hope I will run TDSSKiller
I will try FRST again from the recovery console and hope the previous MBR problem was a coincidence. But, I have warned the OP

EDIT|: Forgot the link http://www.geekstogo.com/forum/topic/347348-sons-laptop-infected-maladware/page-3#entry2480622

From MBAM contact :

Quote

We have discovered that Shopperz adware is using two drivers to protect the files from being removed. That means the drivers are used as a watchdogs for the Shopperz files (adware mixed with a rootkit - great...).

polonus · « **Reply #3409 on:** February 19, 2015, 11:52:16 PM »

NSA and GCHQ allegedly hacked sim-vendor: https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
also: https://twitter.com/AndrewDFish/status/568758179154280448
Access to core mobile networks lay open. Just remember the easiness of the blackphone hack (5 minutes)

How Gemalto reacted to these revelations on the AEX, a 6% loss:
http://www.beurs.nl/gemalto-koers

polonus

polonus · « **Reply #3410 on:** February 20, 2015, 02:57:37 PM »

Security experts call for an end to new PC crapware installs: http://www.computerworld.com/article/2886978/security-experts-call-for-halt-to-pc-crapware-after-lenovo-debacle.html

polonus

Para-Noid · « **Reply #3411 on:** February 20, 2015, 05:00:59 PM »

Evolve Gamers Hunted by Malware

https://blog.malwarebytes.org/fraud-scam/2015/02/evolve-gamers-hunted-by-malware/?utm_source=Gplus&utm_medium=social

Eddy · « **Reply #3412 on:** February 20, 2015, 10:22:33 PM »

Instructions on how to uninstall SuperFish and the certificate
http://support.lenovo.com/us/en/product_security/superfish_uninstall

I don't see detection added to the vps $:-\$

polonus · « **Reply #3413 on:** February 21, 2015, 01:37:41 PM »

Hi Eddy,

A shame

really as MS already has the capability to remove the Superphish adware on its virusscanners ->
http://www.microsoft.com/security/scanner/en-us/default.aspx
See: http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fSuperfish.A

polonus

Para-Noid · « **Reply #3414 on:** February 21, 2015, 04:55:48 PM »

Lenovo and the Superfish fiasco

https://blog.malwarebytes.org/privacy-2/2015/02/lenovo-and-the-superfish-fiasco/?utm_source=Gplus&utm_medium=social

polonus · « **Reply #3415 on:** February 21, 2015, 05:05:49 PM »

Hi Para-Noid,

Getting harder and harder to manoeuvre around crap and junk now. We see where that brought us now!
Some good free programs started to be flagged as malcode because the additional junk could not easily enough be circumvented by the average unaware user.
I wish you all an enormous lot of less OpenCandy and what else might come your way bundled.
Hope these marketing cheap money eager mor**ns are finally gonna learn they are shooting their own big feet big time, but it is always hardest for one to admit to their own mistakes/miscalculations

polonus

polonus · « **Reply #3416 on:** February 21, 2015, 09:28:08 PM »

More worrisome words: https://www.eff.org/deeplinks/2015/02/further-evidence-lenovo-breaking-https-security-its-laptops

pol

abruptum · « **Reply #3417 on:** February 23, 2015, 10:08:50 AM »

Privdog is Superfish all over again

http://www.ghacks.net/2015/02/23/privdog-is-superfish-all-over-again/

Staticguy · « **Reply #3418 on:** February 23, 2015, 09:39:37 PM »

Superfish introduction and removal tools and model numbers for Lenovo notebooks that suffered from having Superfish preloaded:

E-Series: E10-30
Flex-Series: Flex2 14, Flex2 15, Flex2 14D, Flex2 15D, Flex2 14 (BTM), Flex2 15 (BTM), Flex 10
G-Series: G410, G510, G40-70, G40-30, G40-45, G50-70, G50-30, G50-45
M-Series: Miix2 - 8, Miix2 - 10, Miix2 - 11
S-Series: S310, S410, S415; S415 Touch, S20-30, S20-30 Touch, S40-70
U-Series: U330P, U430P, U330Touch, U430Touch, U540Touch
Y-Series: Y430P, Y40-70, Y50-70
Yoga-Series: Yoga2-11BTM, Yoga2-11HSW, Yoga2-13, Yoga2Pro-13
Z-Series: Z40-70, Z40-75, Z50-70, Z50-75

Removal tool from the manufacturer: http://support.lenovo.com/us/en/product_security/superfish_uninstall

Information about Superfish: http://www.zdnet.com/article/microsoft-updates-windows-defender-to-remove-superfish-infection/

bob3160 · « **Reply #3419 on:** February 23, 2015, 10:07:32 PM »

Quote from: Staticguy on February 23, 2015, 09:39:37 PM

Superfish introduction and removal tools and model numbers for Lenovo notebooks that suffered from having Superfish preloaded:

E-Series: E10-30
Flex-Series: Flex2 14, Flex2 15, Flex2 14D, Flex2 15D, Flex2 14 (BTM), Flex2 15 (BTM), Flex 10
G-Series: G410, G510, G40-70, G40-30, G40-45, G50-70, G50-30, G50-45
M-Series: Miix2 - 8, Miix2 - 10, Miix2 - 11
S-Series: S310, S410, S415; S415 Touch, S20-30, S20-30 Touch, S40-70
U-Series: U330P, U430P, U330Touch, U430Touch, U540Touch
Y-Series: Y430P, Y40-70, Y50-70
Yoga-Series: Yoga2-11BTM, Yoga2-11HSW, Yoga2-13, Yoga2Pro-13
Z-Series: Z40-70, Z40-75, Z50-70, Z50-75

Removal tool from the manufacturer: http://support.lenovo.com/us/en/product_security/superfish_uninstall

Information about Superfish: http://www.zdnet.com/article/microsoft-updates-windows-defender-to-remove-superfish-infection/

I wouldn't be a bit surprised if the removal tool was created at the same time that the spying started. Just waiting to be released
when someone was caught with their hands in the cookie jar.